
Isaca CISA Practice Test - Questions Answers, Page 94

Which of the following is the MOST important success factor for implementing a data loss prevention (DLP) tool?

A. Implementing the tool in monitor mode to avoid unnecessary blocking of communication
B. Defining and configuring policies and tool rule sets to monitor sensitive data movement
C. Testing the tool in a test environment before moving to the production environment
D. Assigning responsibilities for maintaining the tool to applicable data owners and stakeholders
Suggested answer: B

Explanation:

The success of a DLP implementation relies heavily on accurately defining and configuring the policies and rule sets. These configurations ensure that the DLP tool effectively monitors and controls the movement of sensitive data within the organization, thereby preventing data loss.

Reference

ISACA CISA Review Manual 27th Edition, Page 301-302 (Data Loss Prevention)

During which phase of the software development life cycle should an IS auditor be consulted to recommend security controls?

A. Design and development
B. Final acceptance testing
C. Implementation of software
D. Requirements definition
Suggested answer: D

Explanation:

An IS auditor should be consulted during the requirements definition phase to recommend security controls. This ensures that security considerations are integrated from the beginning of the software development life cycle, leading to more secure software design and implementation.

Reference

ISACA CISA Review Manual 27th Edition, Page 240-241 (SDLC Phases)

Which of the following is the MOST important consideration when defining an operational log management strategy?

A. Audit recommendations
B. Industry benchmarking
C. Event response procedures
D. Stakeholder requirements
Suggested answer: D

Explanation:

The most important consideration when defining an operational log management strategy is understanding and meeting stakeholder requirements. This ensures that the strategy aligns with organizational needs and regulatory requirements, providing relevant and actionable information for security and compliance.

Reference

ISACA CISA Review Manual 27th Edition, Page 273-274 (Log Management)

An external audit firm was engaged to perform a validation and verification review for a systems implementation project. The IS auditor identifies that regression testing is not part of the project plan and was not performed by the systems implementation team. According to the team, the parallel testing being performed is sufficient, making regression testing unnecessary. What should be the auditor's NEXT step?

A. Evaluate the extent of the parallel testing being performed
B. Recommend integration and stress testing be conducted by the systems implementation team
C. Conclude that parallel testing is sufficient and regression testing is not needed
D. Recommend regression testing be conducted by the systems implementation team
Suggested answer: D

Explanation:

Regression testing is crucial to ensure that new changes do not negatively impact existing functionalities. The IS auditor should recommend that regression testing be conducted to confirm that the system operates correctly after changes are made.

Reference

ISACA CISA Review Manual 27th Edition, Page 256-257 (Testing Strategies)

Which of the following approaches BEST enables an IS auditor to detect security vulnerabilities within an application?

A. Threat modeling
B. Concept mapping
C. Prototyping
D. Threat intelligence
Suggested answer: A

Explanation:

Threat modeling is an approach that enables IS auditors to identify, analyze, and mitigate potential security vulnerabilities within an application by understanding the threats, attacks, vulnerabilities, and countermeasures. This proactive technique helps in designing secure applications.

Reference

ISACA CISA Review Manual 27th Edition, Page 276-277 (Threat Modeling)

An organization is implementing a new data loss prevention (DLP) tool. Which of the following will BEST enable the organization to reduce false positive alerts?

A. Using the default policy and tool rule sets
B. Configuring a limited set of rules
C. Deploying the tool in monitor mode
D. Reducing the number of detection points
Suggested answer: B

Explanation:

To reduce false positive alerts, it is essential to carefully configure a limited set of rules tailored to the organization's specific data loss prevention needs. This ensures that the DLP tool accurately identifies true positives and reduces the occurrence of false alarms.

Reference

ISACA CISA Review Manual 27th Edition, Page 304-305 (DLP Tool Configuration)

An IS auditor is tasked to review an organization's plan-do-check-act (PDCA) method for improving IT-related processes and wants to determine the accuracy of defined targets to be achieved. Which of the following steps in the PDCA process should the auditor PRIMARILY focus on in this situation?

A. Check
B. Plan
C. Do
D. Act
Suggested answer: B

Explanation:

In the PDCA cycle, the 'Plan' phase is where targets and objectives are defined. Focusing on this phase allows the auditor to evaluate the accuracy and appropriateness of the defined targets before they are implemented and measured in subsequent phases.

Reference

ISACA CISA Review Manual 27th Edition, Page 315-316 (PDCA Cycle)

Which of the following should be used as the PRIMARY basis for prioritizing IT projects and initiatives?

A. Estimated cost and time
B. Level of risk reduction
C. Expected business value
D. Available resources
Suggested answer: C

Which of the following network communication protocols is used by network devices such as routers to send error messages and operational information indicating success or failure when communicating with another IP address?

A. Transmission Control Protocol/Internet Protocol (TCP/IP)
B. Internet Control Message Protocol
C. Multipurpose Transaction Protocol
D. Point-to-Point Tunneling Protocol
Suggested answer: B

An IS auditor reviewing an organization's IT systems finds that the organization frequently purchases systems that are incompatible with the technologies already in the organization. Which of the following is the MOST likely reason?

A. Ineffective risk management policy
B. Lack of enterprise architecture (EA)
C. Lack of a maturity model
D. Outdated enterprise resource planning (ERP) system
Suggested answer: B